[42388] in bugtraq
Re: MySQL 5.0 information leak?
daemon@ATHENA.MIT.EDU (Stephen Frost)
Mon Jan 23 11:55:36 2006
Date: Fri, 20 Jan 2006 19:30:57 -0500
From: Stephen Frost <sfrost@snowman.net>
To: Bernd Wurst <bernd@bwurst.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20060121003057.GK6026@ns.snowman.net>
Mail-Followup-To: Bernd Wurst <bernd@bwurst.org>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="X4lxMjKOkkkXp99S"
Content-Disposition: inline
In-Reply-To: <200601201305.04525@bwurst.org>
--X4lxMjKOkkkXp99S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Bernd Wurst (bernd@bwurst.org) wrote:
> I think of this as a security issue because I have user accounts (nss)=20
> that have publicly available credentials but noone should be able to=20
> see how the database really is organized.=20
>=20
> What do you think of this? Bug?
Probably not but the answer you seek is in the SQL specification.
Information Schema is defined there and it also defines what is allowed
to be seen and by whom. Wanting to hide the database layout from the
users of the database in this way seems quite... confused.
Thanks,
Stephen
--X4lxMjKOkkkXp99S
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD0YDArzgMPqB3kigRAntcAJ9FvEoL9ZPgXInIDrh0C9oWzjpYnQCeLCDK
RgS6zLodxd1NkqG7o6czKWo=
=nAfc
-----END PGP SIGNATURE-----
--X4lxMjKOkkkXp99S--
